CVE-2007-3215

Name: CVE-2007-3215
Description: PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DSA-1315-1
Debian Bugs: 429179, 429190, 429191, 429192, 429193, 429194, 429195, 429196, 429197, 504253, 504255

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package          Release                        Version                 Status
libphp-phpmailer (PTS)  buster                         6.0.6-0.1               fixed
libphp-phpmailer (PTS)  bullseye                       6.2.0-2                 fixed
libphp-phpmailer (PTS)  bookworm                       6.6.3-1                 fixed
libphp-phpmailer (PTS)  sid, trixie                    6.8.1-1                 fixed
wordpress (PTS)         buster                         5.0.15+dfsg1-0+deb10u1  fixed
wordpress (PTS)         buster (security)              5.0.21+dfsg1-0+deb10u1  fixed
wordpress (PTS)         bullseye (security), bullseye  5.7.8+dfsg1-0+deb11u2   fixed
wordpress (PTS)         bookworm                       6.1.1+dfsg1-1           fixed
wordpress (PTS)         sid, trixie                    6.4.3+dfsg1-1           fixed

The information below is based on the following data on fixed versions.

Package           Type    Release     Fixed Version      Urgency  Origin      Debian Bugs
egroupware        source  (unstable)  (not affected)
flyspray          source  sarge       (not affected)
flyspray          source  etch        (not affected)
flyspray          source  (unstable)  0.9.8-12                                429191, 429195
glpi              source  etch        (not affected)
glpi              source  (unstable)  0.68.3.2-1                              429192
ipplan            source  (unstable)  4.85-2                                  429193
knowledgeroot     source  etch        (not affected)
knowledgeroot     source  (unstable)  0.9.8.2-2                               429196
libphp-phpmailer  source  etch        1.73-2etch1                 DSA-1315-1
libphp-phpmailer  source  (unstable)  1.73-4             high                 429179
mahara            source  lenny       1.0.4-3
mahara            source  (unstable)  1.0.5-2                                 504253
moodle            source  (unstable)  1.8.2-2                                 429190
owl-dms           source  etch        (not affected)
owl-dms           source  (unstable)  0.94-2                                  429197
phpgroupware      source  etch        (not affected)
phpgroupware      source  (unstable)  0.9.16.012+dfsg-9  medium               504255
wordpress         source  etch        (not affected)
wordpress         source  (unstable)  2.2.1-1                                 429194

Notes

[etch] - flyspray <not-affected> (Vulnerable code not)
[sarge] - flyspray <not-affected> (Vulnerable code not included)
[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
[etch] - owl-dms <not-affected> (Vulnerable code not used)
[etch] - glpi <not-affected> (Vulnerable code not used)
[etch] - wordpress <not-affected> (Vulnerable code not present)
[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
- egroupware <not-affected> (bug #504283; Vulnerable code not used)
